Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Overlapping NAT statements on ASA

I'm having trouble with NAT.

This works:

static (Internal-201,ELI-External) tcp interface 3389 192.168.201.114 3389 netmask 255.255.255.255

This doesn't:

static (Internal-201,ELI-External) tcp MY_EXT_IP 3389 192.168.201.114 3389 netmask 255.255.255.255

Why wouldn't the second statement work? I'm positive that I'm typing in the correct external IP.

Edit: I'm guessing that it isn't working because the first statement has overloading and the second one doesn't.. so it doesn't know how to "get back to me" since I'm in a private network myself. If this is the reason why, then is there a way to have multiple nat statements re-directing me, depending on my source IP? (ie: if I RDP from home, it redirects me to .114, and if I RDP from work, it redirects me to .177)

2 REPLIES

Re: Overlapping NAT statements on ASA

Your 2nd statement should work too as it's doing static PAT as well.

Are you permitting MY_EXT_IP port # 3389 on the ACL applied on the ELI-External interface?

HTH

Sundar

Re: Overlapping NAT statements on ASA

As Sundar said, apply acl to eli-external interface..

Here is a usefull link to follow the example, it should work.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#intro

static (internal-201,ELI-External) tcp interface 3389 192.168.201.114 3389 netmask 255.255.255.255 0 0

static (internal-201,ELI-External) tcp interface 3389 192.168.201.177 3389 netmask 255.255.255.255 0 0

access-list ACL1 extended permit tcp host ExternalIP-1 host 192.168.201.114 eq 3389

access-list ACL1 extended permit tcp host ExternalIP-2 host 192.168.201.177 eq 3389

access-group ACL1 in interface ELI-External

214
Views
0
Helpful
2
Replies